From 11eb7a48269b820f4c954127abdcd26e56111b99 Mon Sep 17 00:00:00 2001
From: José Bollo
Date: Tue, 4 Dec 2018 15:45:12 +0100
Subject: Improve parsing of HTTPS options
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The argument of the HTTPS options is now always extracted from the list of variable arguments. This removes strange errors like: MHD HTTPS option 8 passed to MHD but MHD_USE_TLS not set Invalid option 6313728! (Did you terminate the list with MHD_OPTION_END?) And allows to activate/deactivate HTTPS fairly by only setting or not the flag MHD_USE_TLS.
Change-Id: I31acedbdefe9c930e94c7227d240a36d2a9000d5
Signed-off-by: José Bollo
Signed-off-by: Christian Grothoff
---
 src/microhttpd/daemon.c | 57 ++++++++++++++++++++++++++++++++-----------------
 1 file changed, 38 insertions(+), 19 deletions(-)
diff --git a/src/microhttpd/daemon.c b/src/microhttpd/daemon.c
index 4f6f4128..12495841 100644
--- a/src/microhttpd/daemon.c
+++ b/src/microhttpd/daemon.c
@@ -4775,6 +4775,9 @@ parse_options_va (struct MHD_Daemon *daemon,
 #ifdef HTTPS_SUPPORT
 int ret;
 const char *pstr;
+#if GNUTLS_VERSION_MAJOR >= 3
+ gnutls_certificate_retrieve_function2 *pgcrf;
+#endif
 #endif /* HTTPS_SUPPORT */
 while (MHD_OPTION_END != (opt = (enum MHD_OPTION) va_arg (ap, int)))
@@ -4892,9 +4895,10 @@ parse_options_va (struct MHD_Daemon *daemon,
 break;
 #ifdef HTTPS_SUPPORT
 case MHD_OPTION_HTTPS_MEM_KEY:
+ pstr = va_arg (ap,
+ const char *);
 if (0 != (daemon->options & MHD_USE_TLS))
- daemon->https_mem_key = va_arg (ap,
- const char *);
+ daemon->https_mem_key = pstr;
 #ifdef HAVE_MESSAGES
 else
 MHD_DLOG (daemon,
@@ -4903,9 +4907,10 @@ parse_options_va (struct MHD_Daemon *daemon,
 #endif
 break;
 case MHD_OPTION_HTTPS_KEY_PASSWORD:
+ pstr = va_arg (ap,
+ const char *);
 if (0 != (daemon->options & MHD_USE_TLS))
- daemon->https_key_password = va_arg (ap,
- const char *);
+ daemon->https_key_password = pstr;
 #ifdef HAVE_MESSAGES
 else
 MHD_DLOG (daemon,
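Review bot: The unconditional `pstr = va_arg (ap, const char *);` placed ahead of the `MHD_USE_TLS` test in `case MHD_OPTION_HTTPS_MEM_KEY:` has no comment saying why it must stay outside the `if`, and the same pattern recurs in the KEY_PASSWORD, MEM_CERT, MEM_TRUST, MEM_DHPARAMS and PRIORITIES cases. If a later cleanup moves the fetch back under the condition, the argument stays in the va_list and the next loop iteration reads that pointer as an option code, which is the misparse the commit message describes. A one-line comment at the first case would record this, for example `/* always consume the argument so the va_list stays in step, even when TLS is off */`. The body of parse_options_va starts and ends outside these hunks.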
@@ -4914,9 +4919,10 @@ parse_options_va (struct MHD_Daemon *daemon,
 #endif
 break;
 case MHD_OPTION_HTTPS_MEM_CERT:
+ pstr = va_arg (ap,
+ const char *);
 if (0 != (daemon->options & MHD_USE_TLS))
- daemon->https_mem_cert = va_arg (ap,
- const char *);
+ daemon->https_mem_cert = pstr;
 #ifdef HAVE_MESSAGES
 else
 MHD_DLOG (daemon,
@@ -4925,9 +4931,10 @@ parse_options_va (struct MHD_Daemon *daemon,
 #endif
 break;
 case MHD_OPTION_HTTPS_MEM_TRUST:
+ pstr = va_arg (ap,
+ const char *);
 if (0 != (daemon->options & MHD_USE_TLS))
- daemon->https_mem_trust = va_arg (ap,
- const char *);
+ daemon->https_mem_trust = pstr;
 #ifdef HAVE_MESSAGES
 else
 MHD_DLOG (daemon,
@@ -4940,10 +4947,10 @@ parse_options_va (struct MHD_Daemon *daemon,
 int);
 break;
 case MHD_OPTION_HTTPS_MEM_DHPARAMS:
+ pstr = va_arg (ap,
+ const char *);
 if (0 != (daemon->options & MHD_USE_TLS))
 {
- const char *arg = va_arg (ap,
- const char *);
 gnutls_datum_t dhpar;
 if (gnutls_dh_params_init (&daemon->https_mem_dhparams) < 0)
@@ -4954,8 +4961,8 @@ parse_options_va (struct MHD_Daemon *daemon,
 #endif
 return MHD_NO;
 }
- dhpar.data = (unsigned char *) arg;
- dhpar.size = strlen (arg);
+ dhpar.data = (unsigned char *) pstr;
+ dhpar.size = strlen (pstr);
 if (gnutls_dh_params_import_pkcs3 (daemon->https_mem_dhparams,
 &dhpar,
 GNUTLS_X509_FMT_PEM) < 0)
@@ -4969,22 +4976,21 @@ parse_options_va (struct MHD_Daemon *daemon,
 }
 daemon->have_dhparams = true;
 }
- else
- {
 #ifdef HAVE_MESSAGES
+ else
 MHD_DLOG (daemon,
 _("MHD HTTPS option %d passed to MHD but MHD_USE_TLS not set\n"),
 opt);
 #endif
- return MHD_NO;
- }
 break;
 case MHD_OPTION_HTTPS_PRIORITIES:
+ pstr = va_arg (ap,
+ const char *);
 if (0 != (daemon->options & MHD_USE_TLS))
 {
 gnutls_priority_deinit (daemon->priority_cache);
 ret = gnutls_priority_init (&daemon->priority_cache,
- pstr = va_arg (ap, const char*),
+ pstr,
 NULL);
 if (GNUTLS_E_SUCCESS != ret)
 {
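Review bot: With `return MHD_NO;` removed from the `else` of `case MHD_OPTION_HTTPS_MEM_DHPARAMS:` (hunk at -4969), option parsing no longer fails when TLS material is passed without `MHD_USE_TLS`. The only trace left is the `MHD_DLOG` line, which is compiled out when `HAVE_MESSAGES` is undefined. As far as this hunk shows, an application that supplies key, certificate and DH parameters but drops the flag gets no error from parsing and presumably comes up without TLS. That matches the intent stated in the commit message, so the request is only to document it at the case, for example `/* TLS options are consumed and ignored when MHD_USE_TLS is unset; the daemon then runs without TLS */`, and to state the same in the description of the HTTPS options.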
@@ -4998,6 +5004,12 @@ parse_options_va (struct MHD_Daemon *daemon,
 return MHD_NO;
 }
 }
+#ifdef HAVE_MESSAGES
+ else
+ MHD_DLOG (daemon,
+ _("MHD HTTPS option %d passed to MHD but MHD_USE_TLS not set\n"),
+ opt);
+#endif
 break;
 case MHD_OPTION_HTTPS_CERT_CALLBACK:
 #if GNUTLS_VERSION_MAJOR < 3
@@ -5007,9 +5019,16 @@ parse_options_va (struct MHD_Daemon *daemon,
 #endif
 return MHD_NO;
 #else
+ pgcrf = va_arg (ap,
+ gnutls_certificate_retrieve_function2 *);
 if (0 != (daemon->options & MHD_USE_TLS))
- daemon->cert_callback = va_arg (ap,
- gnutls_certificate_retrieve_function2 *);
+ daemon->cert_callback = pgcrf;
+ else
+#ifdef HAVE_MESSAGES
+ MHD_DLOG (daemon,
+ _("MHD HTTPS option %d passed to MHD but MHD_USE_TLS not set\n"),
+ opt);
+#endif
 break;
 #endif
 #endif /* HTTPS_SUPPORT */
--
cgit v1.2.3
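Review bot: In `case MHD_OPTION_HTTPS_CERT_CALLBACK:` (hunk at -5007) the new `else` sits outside `#ifdef HAVE_MESSAGES`, so in a build without `HAVE_MESSAGES` the next statement, `break;`, becomes the body of the `else`. With `MHD_USE_TLS` set, the `if` branch then stores `pgcrf` and executes no `break`, falling through into whatever case label follows the two `#endif` lines (outside this hunk). That case would pull further arguments from the va_list for an option the caller never passed. The other cases in this patch put the directive first; writing `#ifdef HAVE_MESSAGES` before `else` here as well keeps `break;` unconditional.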